COGENT COMMUNICATIONS HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

COGENT COMMUNICATIONS HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 11:34:39 EST.

Filings

10-K filed on 2024-02-29

COGENT COMMUNICATIONS HOLDINGS, INC. filed an 10-K at 2024-02-29 11:34:39 EST
Accession Number: 0001410578-24-000091

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C Cybersecurity
ITEM 1C. CYBERSECURITY We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We design and assess our program based on the Center for Internet Security (CIS) control objectives and benchmarks. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the CIS objectives and benchmarks as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Key elements of our cybersecurity risk management program include, but are not limited to, the following: o cybersecurity awareness training and communications for employees; o a dedicated security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; o cybersecurity controls to detect cybersecurity incidents or risks within our IT Systems ; Page 30 of 90 Table of Contents o internal and external risk assessments designed to help identify material cybersecurity risks to our critical systems and information; and o a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors Our network may be the target of potential cyber-attacks and other security breaches that could have significant negative consequences. The Audit Committee of our Board of Directors is tasked with oversight of the Company network and data security efforts and is responsible for the Company s policies and practices with respect to cybersecurity and enterprise risk management. We have a dedicated Cybersecurity Engineer in our Information Technology department who reports directly to the CIO. Our Cybersecurity Engineer is primarily responsible for continuously evaluating our security efforts and coordinating with our CIO and other management employees as necessary. The CIO meets with our Audit Committee regularly to update the Audit Committee on any new or identified cybersecurity threats, the Company s cybersecurity efforts and plans for the upcoming quarters. Our Audit Committee also meets regularly with senior management, including our CIO, to receive updates and about the Company s cybersecurity initiatives. Our CEO regularly meets with our CIO to discuss, in part, any significant cybersecurity issues. In addition to the CIO, our Cybersecurity Engineer and the Information Technology team are responsible for the day to day monitoring of the cybersecurity landscape, the Company s monitoring and response processes and training of Company employees. The Chief Legal Officer, Vice President of Network Strategy and VP of Network Engineering may also be involved, as necessary. Our CIO s experience includes over twenty years of experience in risk management and compliance, incident response, crisis management and security architecture and technology integration. Our Cybersecurity Engineer is a certified information systems security professional by the International Information System Security Certification Consortium, and his experience includes cybersecurity architecture, engineering and administration together with the development of cybersecurity policies, practices and training.

Company Information